Top Monthly Posts
How to install Emby Server on Ubuntu
Understanding NGINX Location Rules: A Comprehensive Guide
Log Management in Linux with Lnav
How to install PHP 8.1 on RHEL based...
How to Install Windows 10 Without a Microsoft...
Comment activer HSTS pour Apache
How to install Python on CentOS 8
How to Install tmux On Ubuntu 22.04
15,000 WordPress Sites hacked with Malicious Redirects
Websites Posing as MSI Afterburner That Spread CoinMiner
How to enable HSTS on Apache
Top Monthly Posts
How to install Emby Server on Ubuntu
Understanding NGINX Location Rules: A Comprehensive Guide
Log Management in Linux with Lnav
How to install PHP 8.1 on RHEL based...
How to Install Windows 10 Without a Microsoft...
Comment activer HSTS pour Apache
How to install Python on CentOS 8
How to Install tmux On Ubuntu 22.04
15,000 WordPress Sites hacked with Malicious Redirects
Websites Posing as MSI Afterburner That Spread CoinMiner
How to enable HSTS on Apache

Your IP Address: 184.149.61.154

Wednesday, April 24, 2024
Home // How to enable HSTS on Apache
LinuxUbuntu

How to enable HSTS on Apache

apachehow to configureOpen-SourcesecurityUbuntuweb server
pcplanet 0 3 minutes read
| Published on: August 13, 2022 | Last updated on: September 20, 2022

In this article, we will demonstrate how to enable HSTS in Apache.

To protect HTTPS websites from downgrade attacks, they can implement a web security policy mechanism called HTTP Strict Transport Security (HSTS). Your browser will not be able to view the site via a connection type other than HTTPS if HSTS is enabled.

Some websites continue to have pages that only serve HTTP requests even after SSL has been installed. Therefore, in order to avoid the use of the HTTP protocol, With the introduction of the HSTS header, websites are compelled to switch from the insecure HTTP protocol to the more secure HTTPS protocol.

Let’s Encrypt certificates are strongly suggested if your website still uses HTTP without SSL, as they have aided the widespread transition to HTTPS (almost a solid 25 percent as of today). In addition, Google and other search engines give SSL-enabled sites a higher ranking than those without encryption.

If your Apache-hosted website is already HTTPS-secure, enabling HSTS will be a breeze.

Requirements

This guide assumes:

  • You have a working Apache installation
  • You have a working site
  • You have a working SSL cert
  • You are on Linux

Enabling HSTS headers

the headers module must be added to the configuration file (https://pcplanet1.b-cdn.net/etc/apache2/httpd.conf):

LoadModule headers_module modules/mod_headers.so

Configure each site’s headers to enable HSTS on Apache

Configure the header settings for each SSL-using website; the configuration file is often located in /etc/apache2/sites-enabled/.

The configuration file has to have the following line added to it in order to have the Strict-Transport-Security header settings specified for a period of time spanning two years:

<VirtualHost *:443>
...
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
...
</VirtualHost>

Including the includeSubdomains parameter in a URL instructs the browser to load all of the subdomains for that domain. If you disable this setting, only secure connections to the current domain will be allowed. Yet doing so is strongly discouraged.

When the Apache configuration is reloaded, this header will be shown to all users with an expirationtime of 63072000 seconds (2 years). Be sure to apply this setting to the HTTPS (:443) vhost and not the HTTP (:80) one.

IF YOU ARE HAVING PROBLEMS WITH THIS GUIDE, EMAIL US AT:

You may also like

Getting comfortable with Python Virtual Environments (venv)

Understanding NGINX Location Rules: A Comprehensive Guide

Introduction to PHP Server-Side Scripting Language

Implementing SSL on NGINX: Protecting Your Website with...

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.

Copyright @2022-2024 All Right Reserved – PCPlanet

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. You understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site. By clicking “Accept”, you consent to the use of ALL the cookies.
.
Accept Read More

Privacy & Cookies Policy